Partners

"Some of the best of these tools, whether as stand-alone packages or integrated with larger enterprise management software, are based on the Unified Compliance Framework (UCF)."

The Unified Compliance Framework has played a critical role behind the scenes for the GRC industry. Only the companies listed below can provide functional support of the Unified Compliance Framework.

NOTE: If someone promises UCF support, and their software is not listed below, buyer beware. Unlicensed software cannot deliver what we promise. Please click here to request a live demonstration of the true power of the UCF so you can see it for yourself.

What do successful companies like these have in common? They have recognized the value of the UCF and incorporated it into their own products.

Click on the company logos to visit our Partners' websites.

Allgress provides easy to use and implement Risk Management and intelligence solutions that enable achievement of business objectives. By providing business intelligence, key stakeholders can make rapid decisions to protect the business. That's why some of the most respected Global 2000 companies use Allgress to automate the entire processes of managing risk, compliance and security from a single roles based dashboard. Unlike other risk management solutions, Allgress provides business value in a few weeks instead of months. Contact us at http://www.allgress.comAllgress Business Risk Intelligence

Aruvio Inc. (wholly owned subsidiary of Virima Technologies) provides organizations with enterprise scale, easy-to-use and cost-effective governance, risk, and compliance (GRC) software solutions with support for more than 900 compliance regulations, frameworks, and standards. Aruvio simplifies the way you work with the UCF content. Aruvio GRC is built and delivered on Salesforce.com, which is a proven platform for availability, scalability and security. Aruvio offers advanced social collaboration capabilities in addition to easy-to-use process automation features. Aruvio GRC is quick to deploy and easy to use. Aruvio offers free trial and pay-as-you-go pricing to reduce risk and guarantee rapid, proven results for any size organization. For more information, visit www.aruvio.com.

LockPath helps companies of all sizes address the increasingly complex issues of regulatory compliance and risk management. Its innovative software provides keen insight by correlating security information from multiple data sources with current regulations and policies to gauge risk. Easy to install and manage, the Keylight platform empowers people at every level in an organization to take control and make better business decisions. www.lockpath.com

MetricStream offers an advanced and comprehensive IT GRC software solution suite for streamlining these processes and effectively managing IT risk and meeting IT regulatory requirements. MetricStream enables companies to implement a formal framework to ensure rigor around how to measure, mitigate, and monitors IT risks. It eases complying with many regulations governing data retention, privacy, confidential information, financial accountability and recovery from disasters reduce the cost of compliance.

Microsoft System Center Service Manager is an integrated platform for automating and adapting your organization's IT service management best practices, such as those found in Microsoft Operations Framework (MOF) and Information Technology Infrastructure Library (ITIL). It provides built-in processes for incident and problem resolution, change control, and asset lifecycle management. Through its configuration management database (CMDB) and process integration, Service Manager automatically connects knowledge and information from System Center Operations Manager, System Center Configuration Manager and Active Directory.

Compliance Management Guide

NetIQ's Security and Compliance Management solution reduces enterprise risk, decreases compliance costs, and increases the security of critical information assets. Intelligent and integrated management of user activity and control of system configuration directly addresses the most significant security problems facing the enterprise. Automating the compliance and security processes reduces costs and helps you more easily protect critical servers, applications and customer data through scalable and streamlined security and compliance programs.

RSA Archer has licensed the UCF content to provide customers with a consistent set of controls mapped to several regulatory standards and best practices. In addition, UCF controls have been mapped to the Archer Control Standards which will simplify managing your compliance to the control objectives across all regulations.

Customers who deploy TruOps benefit from common risk nomenclature, standard metrics, shorter audit cycles, dynamic dashboards and reports for proactive mitigation and a flexible integration to scale as the enterprise grows and needs change.

ServiceNow IT Governance Risk and Compliance (IT GRC) automates the business-critical process of measuring and managing adherence to legislative policies, such as Sarbanes-Oxley (SOX), and industry ITIL framework like Control Objectives for Information and Related Technology (COBIT). First, IT GRC is used to document policies, define the risks of failing to comply and to design controls to enforce policies and mitigate risks. IT GRC is then used to schedule control tests to collect compliance evidence and identify failures that need remediation. Finally, information from service management processes can be automatically extracted as evidence for compliance audits.

The UCF is a natural fit with Software AG’s GRC platform as it allows to leverage the synergies between multiple compliance areas and GRC disciplines in combination with the generic approach to governance, risk and compliance management.

Symantec Control Compliance Suite (CCS) is designed to address IT risk and compliance challenges by delivering greater visibility and control across your infrastructure, data and people. Our holistic, fully-automated solution allows you to effectively manage security risks while reducing the cost and complexity of compliance. You can take advantage of built-in regulatory and technical content automatically mapped to policies and updated as regulations change; automatic technical and procedural controls assessments; a centralized database which combines CCS and third party data making it available for multi-level reports and dashboards; the ability to do risk-based remediation through built-in risk scoring and integration with remediation ticketing systems.

TraceSecurity’s TraceCSO is the industry’s first full-featured, cloud-based IT GRC solution, built for organizations of any size, industry, or security skill set that need to protect critical data or are subject to security mandates. TraceCSO transforms IT GRC management from a complex technology challenge into a simple, reliable business application and is delivered as a cost-effective cloud service.